//package com.hehe.config;
//
//import com.fasterxml.jackson.databind.ObjectMapper;
//import com.hehe.filter.TokenTranslationFilter;
//import com.hehe.powernode.constant.BusinessEnum;
//import com.hehe.powernode.constant.HttpConstants;
//import com.hehe.powernode.model.Result;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.core.annotation.Order;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.config.http.SessionCreationPolicy;
//import org.springframework.security.core.AuthenticationException;
//import org.springframework.security.web.AuthenticationEntryPoint;
//import org.springframework.security.web.access.AccessDeniedHandler;
//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
//
//import javax.servlet.ServletException;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
//import java.io.IOException;
//import java.io.PrintWriter;
//
///**
// * 资源服务器配置，具体内容如下所示：
// * ResourceServerConfig 和 AuthSecurityConfig 的执行顺序可以通过 @Order
// * 注解来控制，数字越小的配置类优先执行。如果你期望 ResourceServerConfig
// * 先执行，然后再执行 AuthSecurityConfig，你需要确保两者的 @Order 注解值正确设置
// */
//@Order(98)
//@Configuration
//@EnableGlobalMethodSecurity(prePostEnabled = true)
//public class ResourceServerConfig extends WebSecurityConfigurerAdapter {
//    @Autowired
//    private TokenTranslationFilter tokenTranslationFilter;
//    @Autowired
//    private ObjectMapper objectMapper;
//
//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//        super.configure(auth);
//    }
//
//    @Override
//    protected void configure(HttpSecurity http) throws Exception {
//        // 关闭跨站请求伪造
//        http.csrf().disable();
//        // 关闭跨域请求
//        http.cors().disable();
//        // 关闭session管理
//        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
//        // 编写token解析过滤器，将token转换为用户信息存放到security容器中，放在认证过滤器之前（无需再登录）
//        http.addFilterBefore(tokenTranslationFilter, UsernamePasswordAuthenticationFilter.class);
//        // 没有携带token，直接访问资源服务器，拦截报401，如果有token但是没有权限访问，报403
//        http.exceptionHandling()
//                .authenticationEntryPoint(authenticationEntryPoint()) // 处理：没有携带token的请求直接访问资源服务器
//                .accessDeniedHandler(accessDeniedHandler()); // 处理：携带token，但是权限不够
//        // 配置放行路径
//        http.authorizeHttpRequests()
//                .antMatchers("/sys/menu/nav").permitAll() // 允许所有人访问该接口
//                .antMatchers("/test/list").permitAll() // 允许所有人访问该接口
//                .antMatchers("/test").permitAll() // 允许所有人访问该接口
//                .antMatchers("/**") // 放行路径ResourceConstants.RESOURCE_ALLOW_URLS
//                .permitAll()
//                .anyRequest().authenticated();  // 其它请求都必须认证
//    }
//
//    /**
//     * 没有携带token处理器，直接返回401
//     *
//     * @return
//     */
//    private AuthenticationEntryPoint authenticationEntryPoint() {
//        return (request, response, authException) -> {
//            response.setContentType(HttpConstants.APPLICATION_JSON);
//            response.setCharacterEncoding(HttpConstants.UTF_8);
//            // 返回结果对象
//            Result<String> result = Result.fail(BusinessEnum.UN_AUTHORIZATION);
//            String s = objectMapper.writeValueAsString(result);
//            PrintWriter writer = response.getWriter();
//            writer.write(s);
//            writer.flush();
//            writer.close();
//        };
//    }
//
//    /**
//     * 携带token权限不足处理器，直接返回403
//     *
//     * @return
//     */
//    private AccessDeniedHandler accessDeniedHandler() {
//        return (request, response, authException) -> {
//            response.setContentType(HttpConstants.APPLICATION_JSON);
//            response.setCharacterEncoding(HttpConstants.UTF_8);
//            // 返回结果对象
//            Result<String> result = Result.fail(BusinessEnum.ACCESS_DENY_FAIL);
//            String s = objectMapper.writeValueAsString(result);
//            PrintWriter writer = response.getWriter();
//            writer.write(s);
//            writer.flush();
//            writer.close();
//        };
//    }
//}
